BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [webapps] Moodle 4.4.0 - Authenticated Remote Code Execution
- [remote] Microsoft SharePoint 2019 - NTLM Authentication
- [remote] gogs 0.13.0 - Remote Code Execution (RCE)
- [remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)
- [webapps] Sitecore 10.4 - Remote Code Execution (RCE)
- [remote] PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)
- [webapps] Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)
- [remote] OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- [remote] freeSSHd 1.0.9 - Denial of Service (DoS)
- [remote] McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information
Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024
/in General NewsHighlights
Complex Tool Landscape: Explore the wide array of cybersecurity tools used by MSPs, highlighting the common challenge of managing multiple systems that may overlap in functionality but lack integration.Top Cybersecurity Challenges: Discuss the main challenges MSPs face, including integration issues, limited visibility across systems, and the high cost and complexity of maintaining
The Hacker News – Read More
Semperis Eyes IPO With $125 Million in Growth Financing
/in General NewsEnterprise identity company raises new capital from JP Morgan and Hercules Capital as it prepares for an IPO exit.
The post Semperis Eyes IPO With $125 Million in Growth Financing appeared first on SecurityWeek.
SecurityWeek – Read More
INE Security: Optimizing Teams for AI and Cybersecurity
/in General NewsCary, United States, 20th June 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Surfshark vs Norton Secure VPN (2024): Which VPN Is Better?
/in General NewsWhich VPN is better, Norton Secure VPN or Surfshark? Use our guide to compare pricing, features and more.
Security | TechRepublic – Read More
Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira
/in General NewsAtlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.
The post Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira appeared first on SecurityWeek.
SecurityWeek – Read More
Post-Quantum Cryptography Firm PQShield Raises $37 Million
/in General NewsPost-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.
The post Post-Quantum Cryptography Firm PQShield Raises $37 Million appeared first on SecurityWeek.
SecurityWeek – Read More
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
/in General NewsA new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts.
Fortinet FortiGuard Labs said it’s aware of four different distribution methods — namely VBA dropper, VBA downloader, link downloader, and executable downloader — with some of them using a
The Hacker News – Read More
Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations
/in General NewsCybersecurity researchers have uncovered a new evasive malware loader named SquidLoader that spreads via phishing campaigns targeting Chinese organizations.
AT&T LevelBlue Labs, which first observed the malware in late April 2024, said it incorporates features that are designed to thwart static and dynamic analysis and ultimately evade detection.
Attack chains leverage phishing emails that
The Hacker News – Read More
‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts
/in General NewsThe service, likely a rebrand of a previous operation called ‘Caffeine,’ mainly targets financial institutions in the Americas and EMEA and uses malicious QR codes and other advanced evasion tactics.
darkreading – Read More
Massachusetts 911 Outage Caused by Errant Firewall
/in General NewsA statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.
The post Massachusetts 911 Outage Caused by Errant Firewall appeared first on SecurityWeek.
SecurityWeek – Read More